• 0 Posts
  • 22 Comments
Joined 2 months ago
Cake day: July 22nd, 2024

  • > Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.

    No it doesn’t. It reduces the possibilities to less than the 52x52 possibilities that would exist if you allowed all possible combinations of upper and lower case letters.

    You are confused because you only see the two options of enforcing or not allowing certain characters. All characters need to be allowed but none should be enforced. That maximizes the number of possible combinations.

    > that passwords should all require certain complexity, but without broadcasting the password requirements publicly?

    No, because that’s still the same. An attacker can find out the rules by creating accounts and testing.


  • Don_alForno@feddit.org to Asklemmy@lemmy.ml · *Permanently Deleted* · 26 days ago

    > By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords.

    You don’t add them, you enforce at least one. That eliminates all combinations without upper case letters.

    So, without this rule you would indeed have the 52x52 possible passwords, but with it you have (52x52)-(26x26) possible passwords (the second bracket is all combinations of 2 lowercase letters), which is obviously less.

    > The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase

    Wrong. In your example, for any given try, if you have put a lowercase letter in spot 1, you don’t need to try any lowercase in spot 2.

    Any information you give the attacker eliminates possible combinations.
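
The counting argument from the comment above, generalized to any password length and any set of required character classes (an added example, not part of the thread; the class table and the function names `keyspace`, `brute_force` and `report` are assumptions made for illustration):

```python
from itertools import combinations, product
import string

# Every class listed here is *allowed*; the policy decides which are *required*.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
}

def keyspace(length, allowed, required=()):
    """Count passwords of `length` over the allowed classes that contain at
    least one character from every required class (inclusion-exclusion).
    Assumes every required class is also in `allowed`."""
    alphabet_size = sum(len(CLASSES[c]) for c in allowed)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            # Passwords that avoid every class in `missing` entirely.
            remaining = alphabet_size - sum(len(CLASSES[c]) for c in missing)
            count += (-1) ** k * remaining ** length
    return count

def brute_force(length, allowed, required=()):
    """Enumerate every candidate and apply the rule directly (small lengths only)."""
    alphabet = "".join(CLASSES[c] for c in allowed)
    return sum(
        all(any(ch in CLASSES[c] for ch in pw) for c in required)
        for pw in product(alphabet, repeat=length)
    )

def report(length, allowed, required):
    """Return (candidates without the rule, candidates with it, candidates the rule removes)."""
    free = keyspace(length, allowed)
    ruled = keyspace(length, allowed, required)
    return free, ruled, free - ruled

if __name__ == "__main__":
    # The two-letter case from the thread: 52*52 versus (52*52)-(26*26).
    print(report(2, ("lower", "upper"), ("upper",)))
    # A common 8-character policy that requires all three classes.
    print(report(8, ("lower", "upper", "digit"), ("lower", "upper", "digit")))
```
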

  • > It takes way more effort from the user and leads to more people dropping out.

    Then make it 0 to 3 or 0 to 1 for all I care. You missed the point, which is: Whether I want or don’t want feature A doesn’t influence whether I want or don’t want feature B, and linking the two distorts the results of the poll.

    > in the end, the result is the same in aggregate.

    Not if you include the human factor of the decision maker, who can twist “wanted less” into “still wanted a bit” as a justification if they want a certain feature for different reasons than user benefit (like, say, a “privacy friendly” but indeed not at all privacy friendly mechanism to give data to ad networks). That doesn’t fly with “0 points”.